Uploaded image for project: 'Moodle'
  1. Moodle
  2. MDL-72288

Update library and model code to support issuer+clientid uniqueness on registrations

    XMLWordPrintable

    Details

    • Type: Task
    • Status: Closed
    • Priority: Minor
    • Resolution: Done
    • Affects Version/s: 4.0
    • Fix Version/s: None
    • Component/s: LTI provider
    • Affected Branches:
      MOODLE_400_STABLE
    • Pull from Repository:
    • Pull Master Branch:
      MDL-72288-master
    • Testing Instructions:
      Hide

      Testing prerequisites

      1. You need two Moodle sites (localhost is fine) - one called 'platform' and one called 'tool'
      2. The tool site should be a fresh install (we need a fresh database, because the changes here are to existing upgrade steps which may have already run if you're reusing a site)
      3. In the tool site admin settings:
        • Enable enrol_lti and auth_lti plugins
        • Enable "Allow frame embedding"
        • Go to "Administration > Security > HTTP security" and leave empty the curlsecurityblockedhosts field (to permit localhost-to-localhost calls)
      4. Checkout the patch and run the upgrade on the tool site.

      Testing {issuer, client_id} uniqueness during platform registration

      1. Now, in the tool site, go to "Admin > Plugins > Enrolment plugins > Publish as LTI tool > Tool registration
      2. Generate a new dynamic registation URL by clicking the button
      3. Copy the URL using the copy to clipboard feature
      4. Now, in the platform site, login as admin
      5. Go to "Admin > Plugins > Activities > External tool > Manage tools"
      6. Paste the dynamic registration URL you copied into the text field and click "Add LTI Advantage"
      7. When the page reloads and you see the tool, go back into the tool site tab
      8. Reload the page
      9. Under "Registered Platforms" below, Verify the following:
        • You see a single platform registration entry
        • You see a single deployment for that registration
      10. Now, generate another registration URL above and copy it.
      11. Go back to the platform site tab
      12. In manage tools, enter the URL you just copied into the field and again click "Add LTI Advantage"
      13. You'll be presented with upgrade options, but just select "Register as a new external tool"
      14. When the page reloads and you see the tool, go back into the tool site tab
      15. Reload the page
      16. Under "Registered Platforms" below, Verify the following:
        • You see 2 platform registration entries
        • You see a single deployment for both registrations
        • The details column for the 2 entries has the same issuer, but different client_id values.
      17. Copy the values of client_id and issuer for one of the entries and store them somewhere (doesn't matter which one)
      18. Click "Register a platform"
      19. Enter the values for issuer and client_id - the ones you just copied.
      20. Enter a name and 'http://example.com' for the other URL fields.
      21. Save the form
      22. Verify you see a form validation error on the "Client Id" field, stating that the value of the client_id has already been registered under this issuer
      23. Change the client_id to something else and save
      24. Verify the entry was saved successfully.
      Show
      Testing prerequisites You need two Moodle sites (localhost is fine) - one called 'platform' and one called 'tool' The tool site should be a fresh install (we need a fresh database, because the changes here are to existing upgrade steps which may have already run if you're reusing a site) In the tool site admin settings: Enable enrol_lti and auth_lti plugins Enable "Allow frame embedding" Go to "Administration > Security > HTTP security" and leave empty the curlsecurityblockedhosts field (to permit localhost-to-localhost calls) Checkout the patch and run the upgrade on the tool site. Testing {issuer, client_id} uniqueness during platform registration Now, in the tool site, go to "Admin > Plugins > Enrolment plugins > Publish as LTI tool > Tool registration Generate a new dynamic registation URL by clicking the button Copy the URL using the copy to clipboard feature Now, in the platform site, login as admin Go to "Admin > Plugins > Activities > External tool > Manage tools" Paste the dynamic registration URL you copied into the text field and click "Add LTI Advantage" When the page reloads and you see the tool, go back into the tool site tab Reload the page Under "Registered Platforms" below, Verify the following: You see a single platform registration entry You see a single deployment for that registration Now, generate another registration URL above and copy it. Go back to the platform site tab In manage tools, enter the URL you just copied into the field and again click "Add LTI Advantage" You'll be presented with upgrade options, but just select "Register as a new external tool" When the page reloads and you see the tool, go back into the tool site tab Reload the page Under "Registered Platforms" below, Verify the following: You see 2 platform registration entries You see a single deployment for both registrations The details column for the 2 entries has the same issuer, but different client_id values. Copy the values of client_id and issuer for one of the entries and store them somewhere (doesn't matter which one) Click "Register a platform" Enter the values for issuer and client_id - the ones you just copied. Enter a name and 'http://example.com' for the other URL fields. Save the form Verify you see a form validation error on the "Client Id" field, stating that the value of the client_id has already been registered under this issuer Change the client_id to something else and save Verify the entry was saved successfully.
    • Story Points:
      5
    • Sprint:
      Navigation push 5, Navigation push 6

      Description

      Right now, the library treats each issuer as unique, whereas the spec allows issuer+clientid to be unique. I.e. multiple clients can register from the one issuer/platformid.

      This issue is scoped with making changes to the upstream and to the model (DB schema and any validation code in the model, or in dynamic registration's register.php) to allow registration of several clients under the same issuer for a given tool site.

      This issue should also check whether the dynamic registration flow can be used to add deployments for existing {issuer, clientid} tuples. For example, if I were to use a dynamic registration URL again in another platform context (such as registering the tool in another category, etc) and this result in a new deployment for the same issuer+clientid, would the tool be able to resolve this without trying to create a new registration and failing on the uniqueness clause.

        Attachments

          Issue Links

            Activity

              People

              Assignee:
              jaked Jake Dallimore
              Reporter:
              jaked Jake Dallimore
              Peer reviewer:
              Mihail Geshoski Mihail Geshoski
              Participants:
              Component watchers:
              Adrian Greeve, Jake Dallimore, Mathew May, Mihail Geshoski, Peter Dias, Sujith Haridasan
              Votes:
              0 Vote for this issue
              Watchers:
              3 Start watching this issue

                Dates

                Created:
                Updated:
                Resolved:

                  Time Tracking

                  Estimated:
                  Original Estimate - Not Specified
                  Not Specified
                  Remaining:
                  Remaining Estimate - 0 minutes
                  0m
                  Logged:
                  Time Spent - 2 days, 46 minutes
                  2d 46m